Internet of things (IoT) has gained wide popularity in recent years, and this is
shown by the tremendous increase in the use of IoT applications worldwide.
Distributed IoT applications can be implemented securely with the support
of blockchain. By default, blockchain will ensure authentication of the involved
entities as well as integrity of data. Due to storage restrictions, use of a hybrid
system is preferred, and this involves a cloud server for storage and
blockchain for other functionalities. Data kept in the cloud has to be encrypted
by a strong encryption algorithm. Even though core security objectives are
achieved, it is necessary to provide a secure method to exchange the key.
Since the key is the backbone of a security algorithm, protection of the key
has to be ensured. In this work, an algorithm is proposed to provide a
no-share key exchange between two communicating parties in a resource
constrained environment. The same was implemented and compared with
conventional key sharing algorithms. Security analysis was formally
conducted by using the widely accepted automated validation of internet
security protocols and applications (AVISPA) tool and the proposed method
proved to be secure.
1. INTRODUCTION

For the past few decades, internet of things (IoT) has become very popular worldwide. At the same
time, vulnerabilities have also increased. IoT comprises heterogeneous ‘things’ that are uniquely identifiable
[1]. These devices have interoperable communication capabilities. Security goals have to be achieved in
communication of these devices with the internet and other IoT nodes. IoT applications are used widely in areas
such as smart homes, health care, smart grids, and vehicular networks. The outbreak of cyber-attacks on IoT
applications has to be addressed carefully. It is always preferred to study the existing vulnerabilities and
threats, and then develop efficient security algorithms. Security goals include features such as integrity,
confidentiality, authentication, and access control.

According to the well accepted and commonly used suite [2] of security algorithms, advanced
encryption standard (AES) is being widely used to achieve confidentiality. Rivest Shamir Adleman (RSA)
algorithm and elliptic curve cryptography (ECC) are used for digital signatures and verification purposes.
Diffie-Hellman algorithm is widely used for exchanging keys securely. SHA-2 and SHA-3 algorithms are
accepted widely for providing integrity checks with the help of hash values.

One of the key security objectives is confidentiality and this is accomplished by applying data
encryption. Encryption algorithms are used to provide secure data transfer by converting data to a format that
is not recognizable by unintended users. If the encryption algorithm is symmetric, only one key will be used for
both encryption and decryption. Examples include AES and data encryption standard (DES). RSA is a public
key encryption algorithm. Public key algorithms are also known as asymmetric algorithms. Each entity will
possess a private key and a shared public key. Other algorithms such as ECC and Diffie-Hellman key
exchange fall under the asymmetric category.

The major strength behind an encryption algorithm is the key value used. Hence, key security becomes a
severe point of concern and key management algorithms have to be designed efficiently. Conventional
security algorithms were designed to be applied on networks. When IoT based systems are considered, the scenario
becomes different. Devices in IoT systems are resource constrained. Similar to any other communicating
entities, IoT devices are also vulnerable to various attacks. Several studies were conducted on different types
of attacks [3]-[5] and they were broadly categorized as wireless reconnaissance and mapping, physical
security attacks, security protocol attacks and application security attacks [6]. Security needs and possible
attacks in IoT networks are discussed in [7], [8]. Fabrication, denial of service (DoS) attack, man in the
middle (MITM) attack, and eavesdropping are some common types of attacks. So, there must be properly
designed security measures to restrict these attacks.

In a conventional IoT application, data collected from various sensors are uploaded to the cloud 
through a gateway node. Data processing and analysis are performed in the cloud, and this will be accessed 
by other users. Anyway, the data will be uploaded to a central storage in an encrypted form, knowingly or 
unknowingly, by all the stakeholders. Figure 1 shows the data flow in the network model of a centralized 
architecture based IoT network. 


Figure 1. Network model of a conventional IoT application (diagram components: sensor network, centralized storage, user)


IoT systems require lightweight algorithms. On the basis of this requirement, a lot of research works
were conducted. Encryption algorithms are used to ensure data security and thus help to achieve
confidentiality. These algorithms can be symmetric or asymmetric. A lot of researchers introduced
lightweight algorithms [9]-[19] for IoT communication based on the symmetric algorithm, AES. The major concern
that arises in case of such encryption algorithms is that a separate authentication algorithm should be applied to
achieve authentication. In such a scenario, it is preferred to use authenticated encryption (AE) algorithms.
Another suggestion to achieve multiple goals simultaneously is to use attribute based encryption (ABE)
schemes [20], [21]. ABE based security methods for IoT applications are given in [22], [23]. In this, data can
be accessed by only those who possess a specified set of attributes. If the encryption is based on DES, AES,
or any other lightweight cipher, in other words, if it is a symmetric one, then an efficient key management
technique must be used. The same key will be used to decipher if a symmetric method is followed and hence
compromising the key will definitely collapse the system. Similarly, session keys may be used to protect
communication sessions. So, session key agreement also becomes a point to be addressed.

Performance analysis of IoT oriented security algorithms is given in [24], in which the derivations
are based on cryptographic libraries like Crypto++. A comparison study between Diffie-Hellman (DH) and
elliptic curve Diffie-Hellman (ECDH) is given in [25], and in this, ECDH is concluded to be better in terms
of power consumption and robustness. However, there are still many challenges existing in this domain [26],
[27]. Some of these include identity and access management, access control, and secret information exchange
between the participating nodes. Keoh et al. [28] had given a study of IoT key management protocols in
which centralized and decentralized approaches were discussed. In the study [29], it is mentioned that the
biggest issue in smart home energy management IoT systems is to establish a common session key initially.
A novel key exchange algorithm is given in [2]. Koduru et al. [2] state that it is better than DH algorithm.
However, in that method also, a common value has to be assumed initially. In contrast, the proposed
method is exactly a zero-share technique.

From the literature review, it can be concluded that there does not exist a unique solution that
satisfies all requirements for an IoT environment, even though requirements vary depending on the
applications. So, before applying an appropriate security solution, requirements for the specific IoT application
must be studied in detail and an appropriate security algorithm must be chosen. As far as any security algorithm
is considered, whether it is symmetric or asymmetric, key management is a crucial matter of concern. Hence,
designing an efficient key management algorithm is an important task. In this paper, a secure key exchange
method is proposed, and it is compared with existing algorithms including the commonly accepted DH
algorithm and ECDH algorithm for key exchange.

The remaining sections are arranged as follows. The next section explains the proposed method, and section 3
gives implementation details. Section 4 gives the performance analysis, which contains both informal and formal
analysis with the automated validation of internet security protocols and applications (AVISPA) tool.


2. PROPOSED METHOD 

Hybrid distributed IoT applications involve distributed IoT nodes that are connected to a cloud
through a gateway node. Implementing such an application with blockchain will definitely ensure
authentication of the involved gateway nodes. In our system, several sensing devices will be connected to a
gateway node, and this is a member of blockchain. When a new participant enters blockchain, user
credentials are assigned to provide authentication of users. When a new device is added under a gateway
node, a master key is generated corresponding to that device. Data generated from that device
has to be encrypted with the master key before it is uploaded. All the communications between a gateway node and its connected
devices will be protected by a group key. The group key used here is Kag and this is a symmetric key that
will be agreed upon by the devices connected to a particular gateway. The encryption with key Kag provides
a double layer of protection to the data. First level encryption is done by the master key, K and this provides
the basic stronger protection for the data. The encryption algorithm used is AES with 128 bit key. Since this
is a symmetric algorithm, the same key has to be shared with the intended recipient. The proposed system
provides more security with the assistance of ABE scheme. The key will be shared with the recipient only if the
attribute for that entity matches with the specified set of policies for a particular data item. Now, an efficient
secure key exchange algorithm should be selected for sharing the key between the sending node and the approved
recipient node. Several conventional key transfer algorithms exist.

One-time pad is the only cryptosystem that provides perfect secrecy. However, the drawback is the need to
have a means for sharing a common key between the sender and recipient. This kind of information sharing is
always a point of concern in any security algorithm. In order to deal with this, the following idea can be used.
The sender (S) and recipient (R) will have to choose their own private key values, say K1 and K2,
respectively. Then, the common information (here it is the master key, K), can be shared through a fixed
number of handshaking steps, as mentioned in [30]. The steps involve matrix computations. In order to
reduce the computation, the size of the matrix is restricted to 4x4, so that the effort is not tedious for constrained
IoT devices. At the same time, it is not easy for an eavesdropper to retrieve the real value, since matrix
operations are mostly non-commutative in nature. The proposed method is able to stand up against brute
force attacks, as calculating the inverse of a matrix is impossible if it is a singular matrix.

In case of the conventional DH key exchange algorithm, a common secret has to be shared between the
two participants and this will be used to exchange the actual key. In DH, both sender and receiver have to select
and agree on a large prime number and a base value. The initial parameters have to be shared over a medium
and these values may be received by an eavesdropper also. For this sharing, a secure channel or some kind of
synchronization would be needed. This will create overhead and a possibility of errors or attacks if the medium
is prone to an attacker. DH algorithm does not provide authentication. That means any person can
impersonate the sender and exchange the key with a recipient. It is also possible to have a DoS attack since
an attacker can establish a communication. ECDH provides authentication by using private and public key
pairs. However, in ECDH also, some initial values have to be shared between the communicating entities.
Both algorithms involve exponential computations. One major drawback in these two existing key
exchange algorithms is that both are prone to active MITM attack. They provide protection from passive
attackers. However, an unauthorized party can impersonate the sender/recipient and gain access to the key.
In ECDH, the attacker can intercept a communication and pass his own public key to the recipient, replacing the actual
sender’s public key. The recipient, without knowing this, may execute further steps with the
unauthorized person. Thus, it is a valid conclusion that the initial parameter-exchanging steps are creating
loopholes to attacks. In the proposed method, it is not needed to share anything between the sender and recipient.
Also, all the sessions between a sensor node and its gateway node are encrypted by the group key.

The proposed method is given in Figure 2 and Table 1 gives the algorithm. The first step is for the sender (A) to randomly
generate a master key for a particular device. Since the algorithm is based on square matrix
computations, it is preferred to use a master key of convenient length. In this work, the algorithm uses a 4x4
matrix. So, it is convenient if the master key generated contains 128 bits, so that it can be converted to a matrix with
16 elements. The first eight bits of the key will form the first element in the matrix, the second eight bits form the second
matrix element and so on. All further communications from the device will be encrypted with this master
key, say K.


Figure 2. No-share key exchange method (diagram labels: each party selects its private matrix; final step $M_4 = M_3 \times P_b^{-1}$)


Table 1. Proposed algorithm

Prerequisites: Sender, A and recipient, B select their private key matrices Pa and Pb, respectively. All the
message transfers given below will be protected by the group key, Kag, which is the symmetric key shared
between the gateway node and the device.

Steps:
1. When a new device is added at a user, A, a master key, K is generated. The key size is 128 bits.
2. For sharing K between A and B, following steps are proposed.
   2.1. K is converted initially to a 4x4 matrix.
   2.2. Sender, A selects a private key square matrix Pa, which is of same dimension.
   2.3. Find the product, $M_1 = P_a \times K$ and send to B.
   2.4. At the receiver side, B selects private key matrix, Pb of same dimension.
   2.5. B computes $M_2 = M_1 \times P_b$ and sends to A.
   2.6. At A, $M_3 = P_a^{-1} \times M_2$ and transfer to B.
   2.7. B computes $M_4 = M_3 \times P_b^{-1}$ and this M4 is actually the key, K.
3. A encrypts the data by a strong encryption algorithm with encryption key as K. B can decrypt the data only if
   he/she possesses the key, K.
4. B gets the key value, K through the steps in 2, and decrypts the data.


The value of K cannot be retrieved at any of these intermediate steps by an attacker if some conditions
are imposed. This means, even if the channel is insecure, the key cannot be compromised. It is mandatory that
the private key matrices of size 4x4, selected by A and B, are invertible. Communicating parties do not have to
share them over the insecure channel. However, intermediate steps involve multiplication with the inverse of these
matrices. Another point to be taken care of is that the intermediate matrices like M1 and M2 should be
non-invertible.

If this matrix M1 is invertible, an attacker can retrieve the private key of B after step 2.5 because M2 is a
product of M1 and B’s private key, Pb. So, if M1 is invertible, an eavesdropper can catch it after step 2.3,
take the inverse and multiply that with the matrix M2 after step 2.5, and easily gain Pb. So, it must be ensured
that M1 is noninvertible. If the product matrix, M1 is invertible, there is a possibility for the attacker to
retrieve the private key matrix by performing some inverse operations. For a square matrix to be
non-invertible it must be singular, that is, its determinant must be zero. Here, it is ensured that the master key
matrix generated randomly has a determinant equal to zero. Hence, following are the conditions to be
satisfied when the private matrices as well as the key are generated: i) private matrices, Pa and Pb should be
invertible and ii) M1 must be noninvertible.
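
The handshake of Table 1 (steps 2.1 to 2.7) with conditions i) and ii) enforced, as an added example that is not the paper's implementation. The row-major fill order, the function names, the exact BigInt arithmetic through the adjugate, and the sample key and private matrices are assumptions constructed for illustration.

```javascript
// Added example, not the paper's code. Entries are BigInt so every step is exact.
const N = 4;

// Step 2.1: 16 key bytes -> 4x4 matrix, one byte per element.
// Row-major fill order is an assumption; the text only says first eight bits, second eight bits, ...
function keyToMatrix(bytes) {
  if (bytes.length !== N * N) throw new RangeError('master key must be 16 bytes (128 bits)');
  const rows = [];
  for (let r = 0; r < N; r++) {
    rows.push(Array.from(bytes.slice(r * N, (r + 1) * N), (b) => BigInt(b)));
  }
  return rows;
}

const mul = (a, b) =>
  a.map((row) => b[0].map((_, j) => row.reduce((s, v, k) => s + v * b[k][j], 0n)));

// Matrix with row r and column c removed.
const minor = (m, r, c) =>
  m.filter((_, i) => i !== r).map((row) => row.filter((_, j) => j !== c));

// Determinant by cofactor expansion along the first row (cheap enough for 4x4).
function det(m) {
  if (m.length === 1) return m[0][0];
  return m[0].reduce((s, v, j) => s + (j % 2 ? -v : v) * det(minor(m, 0, j)), 0n);
}

// Adjugate: adj(M)[i][j] = (-1)^(i+j) * det(minor(M, j, i)), so M^-1 = adj(M) / det(M).
const adj = (m) =>
  m.map((_, i) => m.map((__, j) => ((i + j) % 2 ? -1n : 1n) * det(minor(m, j, i))));

// Divide every entry by d and fail if the division is not exact.
function divExact(m, d) {
  return m.map((row) => row.map((v) => {
    if (v % d !== 0n) throw new Error('inexact division: message was not built from this matrix');
    return v / d;
  }));
}

const leftInv = (p, m) => divExact(mul(adj(p), m), det(p));  // p^-1 x m
const rightInv = (m, p) => divExact(mul(m, adj(p)), det(p)); // m x p^-1
const equal = (a, b) => a.every((row, i) => row.every((v, j) => v === b[i][j]));

// Steps 2.3 to 2.7, with conditions i) and ii) checked before anything is sent.
function nskeExchange(K, Pa, Pb) {
  if (det(Pa) === 0n || det(Pb) === 0n) throw new Error('Pa and Pb must be invertible');
  const M1 = mul(Pa, K);       // 2.3  A -> B
  if (det(M1) !== 0n) throw new Error('M1 must be non-invertible: pick K with det(K) = 0');
  const M2 = mul(M1, Pb);      // 2.5  B -> A
  const M3 = leftInv(Pa, M2);  // 2.6  A -> B
  const M4 = rightInv(M3, Pb); // 2.7  B recovers K
  return { M1, M2, M3, M4 };
}

// What condition ii) prevents: with an invertible M1, M1^-1 x M2 is exactly Pb.
function invertibleM1RevealsPb(K, Pa, Pb) {
  const M1 = mul(Pa, K);
  if (det(M1) === 0n) return false; // no inverse exists, so the computation cannot start
  return equal(leftInv(M1, mul(M1, Pb)), Pb);
}

// Constructed sample values (not from the paper).
const SAMPLE_KEY = Uint8Array.from([
  0x23, 0x38, 0x2b, 0x26,
  0x4e, 0x4d, 0x2b, 0x4e,
  0x42, 0x43, 0x26, 0x4d,
  0x23, 0x38, 0x2b, 0x26, // repeats the first row, so det(K) = 0
]);
const big = (m) => m.map((row) => row.map((v) => BigInt(v)));
const SAMPLE_PA = big([[2, 1, 0, 3], [0, 1, 4, 1], [0, 0, 3, 2], [0, 0, 0, 1]]); // det = 6
const SAMPLE_PB = big([[1, 0, 0, 0], [2, 1, 0, 0], [0, 3, 2, 0], [1, 0, 4, 1]]); // det = 2

console.log(equal(nskeExchange(keyToMatrix(SAMPLE_KEY), SAMPLE_PA, SAMPLE_PB).M4,
  keyToMatrix(SAMPLE_KEY)));
```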


3. RESULTS AND DISCUSSION 

An application scenario based on patient health information was developed. The hardware
components include a Raspberry Pi machine, connected to a healthcare application in a distributed system.
Blockchain was used for implementing the same. The platform selected was Hyperledger Fabric supported
with NodeJS, node package manager (NPM), Go and Docker installations. As a test case, two organizations
were created, and each organization had two peers. A channel is created to share the ledger and organizations
are added to this channel. Chaincodes (smart contracts) are written in the Go programming language (Golang),
and these are installed to channels. Then, the chaincode has to be instantiated by any member in the network.
Required certificates and cryptographic materials are generated using the CryptoGen tool in Hyperledger Fabric.
When the user node is enrolled to blockchain, a private and public key pair is created. The private key will
provide authentication in all further communication from this user. The same key pair can form a basis for
authenticating devices to this particular user. The implemented system consists of a patient connected to a smart
home, which is considered as Organization-1, and several IoT devices are connected to this member patient.
Assume that a patient named Johny is connected to a device with ID “D1”. When the user authenticates and enrolls
a new IoT device, a master key is generated. The sensed data from D1 will be encrypted with a strong
encryption algorithm and uploaded to the storage. Here, for implementation, AES was used for encryption.
The key used for this encryption is protected using ABE. The key will be shared with the second party only if he
has the specified set of attributes. This helps to achieve access control also. To decipher the data retrieved,
the receiver has to obtain the key used for encryption. For this key exchange, the proposed algorithm is used.
With the 128 bits key, this algorithm provides a nonlinear level of security. This makes the effort to be put in by
an eavesdropper to retrieve the key tedious. When the device is added to the patient (Organization-1), a
master key is generated. Here, the random 128 bits key generated is “#8+&8&f{NM+NBC&MCJ”. Hence, the
matrix obtained is,


218 188 131 32 


: : 40 
Private matrix of the sender, Pa= 7 


1265 358 479 32 
355 112 85 5 
277 77 323 23 
11 3 14 1 


Private matrix of receiver (doctor in this test case), Pb=


Data generated by the device is encrypted by using K and uploaded to the storage (here it is 
MongoDB). Along with this, patient will specify some set of attributes, and this is to facilitate ABE. This will 
help to achieve access control also. When a particular doctor would like to access the data item, blockchain 
will perform the access control checks. If the attributes of the doctor are matched with the specified 
attributes, the key can be shared by using the proposed no-share scheme. 


4. PERFORMANCE ANALYSIS 

Performance analysis of the proposed method is given in two subsections. First one discusses the 
informal analysis. Informal analysis section discusses the resistance of proposed method against various 
attacks. This section is followed by a formal study with the help of widely accepted AVISPA tool [31]. 


4.1. Informal analysis 

This section explains the measures taken in the proposed method to resist various kinds of attacks. 
Possible attacks like eavesdropping attack, MITM attack and node tampering attack are being considered. 
The ways in which proposed method provides protection against these attacks are discussed. 
4.1.1. Eavesdropping attack

IoT devices communicate with the gateway node through wireless networks and hence, all the 
message exchanges may be observed by an adversary. In the proposed method, once the device gets 
authenticated successfully with the gateway node, both parties agree upon a symmetric group key. Data is 
first encrypted by the master key and all steps involved in exchanging master key are protected by this group 
key. So, it is proved that the method is secured from eavesdropping attack and the attacker will never be able 
to retrieve the data. 


4.1.2. MITM attack 

In MITM attack, the adversary stands in between the communicating entities. The proposed method
is resilient to this kind of attack since the group key is known only to authenticated devices that are
connected to the gateway node. Also, steps for exchanging the master key involve computation with private
key matrices which are specific to the intended sender and recipient only. The gateway nodes involved are
members of blockchain and hence, it is not required to recheck the authentication of those nodes. Blockchain
provides strong authentication to the participants.


4.1.3. Node tampering 

Physical device security cannot be assured. This means, the node may be captured by an attacker
and its local memory may be accessed. Hence, the master key generated by the device will be kept in local
storage in an encrypted form. For this encryption, the group key is used. The group key will be updated after
each session. This shows our method is resilient to node tampering. Even if the node is tampered with, and
local memory is accessed by an attacker, he/she will not be able to retrieve the symmetric master key of the
device.

In addition to the resilience to such common attacks, the proposed method ensures authentication of
involved entities. Gateway nodes are authenticated with the blockchain parameters. These gateway nodes
will have to perform mutual authentication steps to verify the credentials of the device. A summary of the
resilience of the proposed method against various attacks and its comparison with the conventional and widely
used key exchange methods such as DH algorithm and ECDH key exchange algorithm is given in Table 2.
DH is based on modular arithmetic and its security is based on the discrete logarithm problem while ECDH
adapts the concept of DH. In case of DH, a large prime number has to be selected and for ECDH, curve
parameters have to be selected. So, both these algorithms involve the exchange of some initial parameters.
Steps involved in these two algorithms are irreversible since they are based on the computational Diffie-Hellman
problem. Similarly, steps involved in the proposed method are non-commutative. One major drawback of DH is
that it does not ensure authentication. So, any person can take part in the initial parameter exchange session and
get the secret key. However, this drawback is not present in the next two methods (ECDH and proposed),
since they involve private keys associated with each entity.


Table 2. Comparison between DH, ECDH and proposed method

| Characteristics | Diffie-Hellman Key Exchange (DHKE) | Elliptic Curve Diffie-Hellman (ECDH) KE | No-Share Key Exchange (NSKE) |
|---|---|---|---|
| Based on Discrete logarithm | Yes | Yes | No |
| Initial parameters to be shared | Required, Large prime numbers and value to be exchanged | Required; Public keys and curves has to be generated/selected | Not required |
| Steps involved | Irreversible | Irreversible | Non-commutative |
| Authentication | Not present | Present | Present |
| Types of operation involved | Exponential steps involved | Elliptic curve arithmetic | Matrix multiplications and inverse calculations involved |
| Level of security | Linear | Linear | Nonlinear |
| Brute Force attack | Not possible | Not possible | Not possible |
| MITM (active) | Possible | Not possible | Not possible |
| DoS attack | Possible | Not possible | Not possible |


Another advantage of the proposed algorithm is that it provides nonlinear computations (using
matrices). All these methods are resistant to Brute Force attacks and passive MITM attacks. In DH,
computations involve exponential steps, whereas in ECDH, elliptic curve arithmetic operations are
involved. However, in the proposed method, steps include only matrix computations that are not very
complicated.
4.2. Formal Analysis

Here, a formal analysis of the proposed method is done with the help of AVISPA tool. AVISPA is 
an analysis tool that helps to model security protocols and perform the analysis using different in-built 
backend compilers. The tool consists of four different back-ends: on-the-fly model-checker (OFMC), 
constraint-logic-based attack searcher (CL-AtSe), SAT-based model-checker (SATMC) and tree automata 
based on automatic approximations for the analysis of security protocols (TA4SP). 

The proposed method was first written in Alice-Bob notation and then, it was converted to high level
protocol specification language (HLPSL). For illustration, the first 2 steps of Alice-Bob notation of
encryption are given below. Assume that A is the sending device, G is the gateway node and B is the
recipient node. K is the master key used for symmetric encryption of data by A, and Kag is the group key
shared by G with A.

A→G: {{X}_K}_Kag and G→B: {{X}_K}_Kb.

Kb is the public key of recipient, B. Gateway node, G decrypts the received message with the
symmetric key, Kag and encrypts it with the public key of B and sends it to B. B receives {{X}_K}_Kb and it
retrieves X by decrypting with its own private key first and then by the master key shared with NSKE
method. As an example, HLPSL code snippet of the gateway role is given below. Similarly, role of the
sender and role of the recipient node were also implemented and tested.


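role role_G(
    G, A, B  : agent,
    K, Kag   : symmetric_key,   % K: master key, Kag: group key shared by G with A
    Kb       : public_key,      % public key of recipient B
    SND, RCV : channel(dy))     % Dolev-Yao channels
played_by G
def=
    local State : nat, S : text
    init
        State := 0
    transition
        % G receives {{S}_K}_Kag from A and forwards {{S}_K}_Kb to B
        1. State = 0 /\ RCV(A.{{S}_K}_Kag) =|> State' := 1 /\ SND({{S}_K}_Kb)
end role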

The protocol has been tested and the results obtained for OFMC and CL-AtSe compilers in AVISPA
tool are given in Figure 3. The protocol specification turned out to be SAFE under OFMC, SAFE under
CL-AtSe, INCONCLUSIVE under SATMC and INCONCLUSIVE under TA4SP compilers. OFMC backend
compiler tests the specified protocol against passive attacker and here, the proposed method proved to be SAFE.
Hence, it is protected from replay attack. The system is based on the Dolev-Yao model [31]. According to this
DY model, all the information exchange will be visible to the intruder. The knowledge shared with the intruder
was specified to be role_A, role_G, role_B, Kag and Kpg, in the HLPSL file specification. This means, the
proposed method satisfies the security goals (secrecy and authentication) specified in the environment
section, provided the master key K is not known to the intruder.

The exchange of the master key involves 4 steps as already discussed. All the data exchanges are
protected by encryption with the symmetric key Kag. This key is available only to the authenticated devices
which are connected to the gateway node, G. The first step of transferring master key, K is $M_1 = P_a \times K$ and
second step is $M_2 = M_1 \times P_b$.


OFMC output:

% OFMC
% Version of 2006/02/13
SUMMARY
  SAFE
DETAILS
  BOUNDED_NUMBER_OF_SESSIONS
PROTOCOL
  /home/span/span/testsuite/results/nske2.if
GOAL
  as_specified
BACKEND
  OFMC

CL-AtSe output:

SUMMARY
  SAFE
DETAILS
  BOUNDED_NUMBER_OF_SESSIONS
  TYPED_MODEL
PROTOCOL
  /home/span/span/testsuite/results/nske2.if
GOAL
  As Specified
BACKEND
  CL-AtSe

Figure 3. Results of OFMC and ATSE compilers in AVISPA testing

All these steps are passed through the wireless communication medium and are protected with the
group key encryption. Another possibility is that the adversary can retrieve M1 and compute its inverse so that in
the second step, $M_2 \times M_1^{-1}$ can be done to obtain the private key (Pb) of B. However, in our method, M1 is a
non-invertible matrix which terminates the possibility of such an attack. This can be proved by the method of
proof by contradiction. Assume the proposition, X → Y:

If M1 is noninvertible, Pb is not computable.

So, according to the proof by contradiction method, initially, we assume that the negation of this
proposition is true. It can be written as (1).

$\sim X$ is true (1)

This means, assume M1 is invertible. Inverse of M1 can be computed as (2).

$M_1^{-1} = \frac{1}{\det(M_1)} \cdot \mathrm{adj}(M_1)$ (2)

where det(M1) and adj(M1) denote the determinant and adjoint of M1, respectively. However, we have
put the constraint that det(M1) should be 0. Therefore, (2) becomes $M_1^{-1} = (1/0) \cdot \mathrm{adj}(M_1)$, in
which division by zero is not defined. This means M1 does not have an inverse or M1 is non-invertible,
which is a contradiction. So, our initial assumption, “~X is true” was wrong and hence, we conclude
that X is true. This proves that even though an adversary can obtain the contents of M1 by breaking the
encryption with group key, he/she will not be able to proceed to find out the actual private key matrix.

The efficiency of the algorithm can be generally explained with the following points: i) as it is not required to
share a common data between two parties, private key matrices can be generated randomly. The only thing to be
taken care of is that determinants of these matrices should not be zero and ii) handshaking steps involve
noncommutative matrix multiplication steps. Thus, it is assured that any combinations of these intermediate
steps will not help the attacker to retrieve the data. The costs involved in computation of matrix operations
are:
a. Steps 2.1, 2.2, 2.3: (Taking a number +2x multiplication) cost of computation involves 2xN’ steps, for Pa
and Pb.
b. Step 2.4, 2.5: Cost of matrix multiplication=N? steps for matrices of order N 
c. Step 2.6, 2.7: Cost of inversion+Cost of multiplication=2xN? steps for matrices of order N. 

Complexity increases as the matrix order, N increases. Since the system consists of resource
constrained devices, it is better to choose a low value to form the square matrix. However, since security
cannot be compromised, it should not be too low either. A 4x4 matrix is sufficient to provide a good
level of security features. Since the sensed data is of moderate size, a 128 bits key is enough to provide
sufficient security. Compared to the well accepted DH algorithm and ECDH key exchange protocol, the
major strength of this proposed method is that it works on the basis of a zero-share scheme, since nothing
needs to be shared at the beginning. Comparison between DH, ECDH and proposed NSKE method in terms
of execution time is given in Figure 4. The algorithms were implemented in JavaScript, run in Chrome web
browser and system specifications include Windows-64-bit operating system, 4 GB RAM.


Figure 4. Execution time comparison between DH, ECDH and NSK (proposed method) (x-axis: no. of key transfers; y-axis: time in milliseconds)
From this figure, it is clear that NSKE method takes much less time to exchange a key between 2
parties compared to the time taken by DH and ECDH key exchange methods. NSKE performs 45.74 (average
of all trial runs) times faster than DHKE and ECDHKE. The proposed algorithm proved to be secure under
various attacks. Now, it is also proved that the computational cost and complexity involved are much lower
compared to other conventional algorithms. It can be concluded that the proposed method is efficient in terms of
complexity also. Hence, it is well suited for resource constrained devices.


5. CONCLUSION 

Several challenges arise when IoT applications are implemented in a distributed manner. The
upcoming blockchain paradigm will help to achieve the security goals like authentication and integrity.
Confidentiality will be achieved if the data is encrypted with an efficient algorithm. The major security challenge
that still exists is key management. Hence, a zero-share secret information exchange algorithm is proposed.
The algorithm is able to provide better security than conventional key exchange algorithms, provided
encryption is done. Since there is no need to share any information between the communicating nodes, unlike
existing key exchange algorithms, this proposed method can be used to exchange the initial session key. Also,
the proposed method performs much faster compared to conventional key exchange algorithms. The
transferred session key can be used for securing all further data exchanges between the parties.